I am missing these two entries in ipa1 (The Master that was installed first):-
HTTP/ipa2.xyz@xyz.dmz
DNS/ipa2.xyz@xyz.dmz
The above entries are present only in ipa2.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/
Two more issues:-
1. I am still not able to login into the WebUI of ipa2 (Replica
Server). It displays "Internal Server Error"
2. Are there any logs to make sure that the Replication is working fine?
As a workaround I modified named.conf to use simple authentication and
was able to start bind. However, I am looking for a better resolution.
--
dynamic-db "ipa" {
library "ldap.so";
Still unable to start bind :-
[root@ipa2 ~]# ipa-replica-conncheck --replica ipa1.xyz.dmz
Check connection from master to remote replica 'ipa1.xyz.dmz':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88)
Thomas Sailer wrote:
On 02/05/2013 08:02 PM, Rob Crittenden wrote:
Can you see if you have 60basev3.ldif in
/etc/dirsrv/slapd-YOUR-REALM/schema ?
That was indeed not there (only 60basev2.ldif).
I've copied it, restarted dirsrv.
ipa user-show admin works (it did work before though).
You'll
On 02/05/2013 08:02 PM, Rob Crittenden wrote:
Can you see if you have 60basev3.ldif in
/etc/dirsrv/slapd-YOUR-REALM/schema ?
That was indeed not there (only 60basev2.ldif).
I've copied it, restarted dirsrv.
ipa user-show admin works (it did work before though).
You'll want to look at /var/l
On 02/05/2013 01:40 PM, Thomas Sailer wrote:
On 02/05/2013 06:32 PM, John Dennis wrote:
% ipactl status
# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
pki-cad Service: RUNNING
ipa: INFO: The ipactl comman
Thomas Sailer wrote:
On 02/05/2013 06:32 PM, John Dennis wrote:
% ipactl status
# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
pki-cad Service: RUNNING
ipa: INFO: The ipactl command was successful
Appare
On 02/05/2013 06:47 PM, Petr Vobornik wrote:
Open Web Console in browser (in FF: 'Tools/Web Developer/Web Console',
in Chrome hit F12).
I'm using firefox. I'm getting a javascript warning about
getAttributeNode being deprecated, and some css complaints.
The first post just gets one's own pri
On 02/05/2013 06:32 PM, John Dennis wrote:
% ipactl status
# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
pki-cad Service: RUNNING
ipa: INFO: The ipactl command was successful
Apparently, it isn't...
I'v
When I am trying to restart ipa, it fails to start the services so I
manually started LDAP and krb5kdc, now kinit admin is fine :-
How shall I proceed now ?
-
[root@ipa2 ~]# /etc/init.d/ipa status
Directory Service: STOPPED
On 02/05/2013 03:52 PM, Thomas Sailer wrote:
Hi,
I've just upgraded from F16 to F18 and thus freeipa v3.1.2.
It basically works, on the command line. ipa user-show xxx works.
The Web UI however no longer works. I get the login window with "Your
session has expired. Please re-login.", no matter
On 02/05/2013 12:11 PM, Thomas Sailer wrote:
Thanks, John!
See the log below. The only thing that looks strange to me is
expiration_timestamp=1970-01-01T01:00:00. Where does this time come from?
That's the initial value of zero on the expiration timestamp, the
beginning of the UNIX epoch, it'
Thanks, John!
See the log below. The only thing that looks strange to me is
expiration_timestamp=1970-01-01T01:00:00. Where does this time come from?
Tom
[Tue Feb 05 16:16:53.798117 2013] [:error] [pid 6843] ipa: INFO: ***
PROCESS START ***
[Tue Feb 05 16:16:53.914486 2013] [:error] [pid 684
Rajnesh Kumar Siwal wrote:
Both of these replica are in the same network.
I have disabled the iptables on both
Selinux disable.
still the output of kinit admin is the same
kinit: Cannot contact any KDC for realm
strace output attached.
strace isn't really helpful in this case.
Is the KDC runn
Both of these replica are in the same network.
I have disabled the iptables on both
Selinux disable.
still the output of kinit admin is the same
kinit: Cannot contact any KDC for realm
strace output attached.
On Tue, Feb 5, 2013 at 9:45 PM, Rajnesh Kumar Siwal
wrote:
> Last time the installatio
On 5.2.2013 17:15, Rajnesh Kumar Siwal wrote:
Last time the installation of replica failed. So this is second time I
did it (The logs in the mail are from the second time after I
uninstalled the ipa2).
After installing the replica, I restarted IPA and failed to start the KDC too.
So, kinit admin
Last time the installation of replica failed. So this is second time I
did it (The logs in the mail are from the second time after I
uninstalled the ipa2).
After installing the replica, I restarted IPA and failed to start the KDC too.
So, kinit admin is now failing.
---
On Tue, 2013-02-05 at 16:59 +0100, Petr Spacek wrote:
> On 5.2.2013 15:45, Rajnesh Kumar Siwal wrote:
> > Finally, I installed it with "--skip-conncheck":-
> > Now DNS fails to start.
> > I tried ipa-dns-install too:-
> >
> > [root@ipa2 log]# ipa-dns-install
> > The log file for this installation
On 5.2.2013 15:45, Rajnesh Kumar Siwal wrote:
Finally, I installed it with "--skip-conncheck":-
Now DNS fails to start.
I tried ipa-dns-install too:-
[root@ipa2 log]# ipa-dns-install
The log file for this installation can be found in
/var/log/ipaserver-install.log
==
On 02/05/2013 09:52 AM, Thomas Sailer wrote:
Hi,
I've just upgraded from F16 to F18 and thus freeipa v3.1.2.
It basically works, on the command line. ipa user-show xxx works.
The Web UI however no longer works. I get the login window with "Your
session has expired. Please re-login.", no matter
Thanks, Bob/Simo.
On Tue, Feb 5, 2013 at 8:24 PM, Rob Crittenden wrote:
> Simo Sorce wrote:
>>
>> On Mon, 2013-02-04 at 09:21 -0500, Rob Crittenden wrote:
>>>
>>> Rajnesh Kumar Siwal wrote:
Looking into the sssd logs, I came to know that there was one more
rule allowing access:-
>
Simo Sorce wrote:
On Mon, 2013-02-04 at 09:21 -0500, Rob Crittenden wrote:
Rajnesh Kumar Siwal wrote:
Looking into the sssd logs, I came to know that there was one more
rule allowing access:-
(Mon Feb 4 14:13:01 2013) [sssd[be[chargepoint.dmz]]]
[hbac_get_category] (5): Category is set to 'al
Hi,
I've just upgraded from F16 to F18 and thus freeipa v3.1.2.
It basically works, on the command line. ipa user-show xxx works.
The Web UI however no longer works. I get the login window with "Your
session has expired. Please re-login.", no matter whether I use kerberos
or password login.
On Mon, 2013-02-04 at 09:21 -0500, Rob Crittenden wrote:
> Rajnesh Kumar Siwal wrote:
> > Looking into the sssd logs, I came to know that there was one more
> > rule allowing access:-
> > (Mon Feb 4 14:13:01 2013) [sssd[be[chargepoint.dmz]]]
> > [hbac_get_category] (5): Category is set to 'all'.
Finally, I installed it with "--skip-conncheck":-
Now DNS fails to start.
I tried ipa-dns-install too:-
[root@ipa2 log]# ipa-dns-install
The log file for this installation can be found in
/var/log/ipaserver-install.log
==
On 5.2.2013 15:15, Rajnesh Kumar Siwal wrote:
Is there any other log file that may suggest something.
It would be great if we could figure out what's the cause of the error.
I would recommend to run tcpdump on one of the servers and look at what is
sent over the wire. It is the most effective way.
Hi Rob,
Thanks for the quick reply.
I tried logging iptables in the replica also, but no log for dropped packet :-
I would appreciate if you could please let me know what these login actually do.
1. Looks to me as getting tgt for admin
2. Is it trying to login though ssh to ipa1 server ?
-
Rajnesh Kumar Siwal wrote:
We are trying to setup the IPA replication but it says "Connection
check failed!".
We disabled the firewall and found the same result.
---
[root@ipa2 /]#